New York Times site being restored after cyberattack

Aug. 28, 2013

The New York Times' newspaper website was hacked Tuesday. / Associated Press

Written by

Roger Yu and Jayne O'Donnell

USA TODAY

The New York Times' website is starting to be restored for many readers late this morning, more than 20 hours after being hacked by what appears to be the Syrian Electronic Army.

"The situation is close to being fully resolved," said Times spokeswoman Eileen M. Murphy, in a statement.

The SEA, a group of hackers who support Syrian President Bashar Assad, claimed responsibility online and said it also hacked Twitter's sites. The hackers seem to have gained access to the sites of the Times and Twitter through Melbourne IT, an Australian company that specializes in website domain name registration.

The Times said Tuesday its website crashed at about 3 p.m. ET, following an online attack on Melbourne IT, which is the vendor for the domain name the Times uses to host its content online.

Today's problems with the Times' site are not a new attack and the site remained down throughout early this morning. "There is no new outage this morning," Murphy said.

"If someone is still having trouble accessing the site, it is most likely the result of their Internet service provider not having yet restored the proper domain name system (DNS) records," she said. ISPs, such as Verizon or Time Warner Cable, sell high-speed access to the web, and DNS records include the crucial computer code that identifies particular websites.

The news organization was sending its news feed through another site as of this morning -- http://news.nytco.com.

It is the second failure of the Times' site in two weeks. It went dark on Aug. 14 due to what the publication said then was an internal problem, not the result of hacking.

Marc Frons, chief information officer for The New York Times Co., didn't directly blame the Syrian Electronic Army. But he told New York Times staffers in a memo Tuesday that it appears to be the work of the SEA or "someone trying very hard to be them," according to a report by the New York Times.

(Page 2 of 2)

He also advised the staff to "be careful when sending e-mail communications until this situation is resolved."

The New York Times Co. didn't immediately comment on whether it fully restored the website Tuesday night. But today's outage is likely a continuation of the same problem.

Huffington Post and Twitter also confirmed Tuesday their websites were affected by the DNS attacks. For Twitter, the Tuesday attack on its website used for images resulted in users having trouble viewing photos. A Twitter account that seemingly belongs to SEA showed an image that indicates SEA also attacked Twitter's domain.

Corporate websites' domain name system (DNS), which assigns the site's domain names and indexes them on designated servers, remains particularly vulnerable to hacker attacks, said Gunter Ollmann, chief technology officer of Internet security firm IOActive. "It's a very complex equation," he said. "There are soft points."

Media websites also are becoming increasingly complex and vulnerable as they integrate more software and content from partners, including third-party vendors, "widget" developers and advertising networks.

A day after the Times' Aug. 14 crash, the SEA also took down the websites of The Washington Post, CNN and Time. The companies said SEA hacked the Internet service of Outbrain, a content recommendation company whose software widget is embedded in their websites.

Such attacks underscore the vulnerability of electronic links and communication that now underpin much of the information flow in the U.S. But targeting media sites brings more attention for hackers, Ollmann said. "If the website of GE or The New York Times went down, which is going to generate more attention?"

Melbourne IT blamed one of its resellers for the security breach, according to its statement that appeared on technology news site TechCrunch.

The hackers gained access to the reseller's account on Melbourne IT's systems. And the DNS records of several domain names on that reseller's account - including NYTimes.com - were changed, it said.

Melbourne IT said it restored the affected DNS records back to their previous settings and took measures to prevent further changes.

"We are currently reviewing our logs to see if we can obtain information on the identity of the party that has used the reseller credentials, and we will share this information with the reseller and any relevant law enforcement bodies," it said.

"Registrars really need to run a tighter ship," said Paul Ferguson, vice president of network monitoring firm Threat Intelligence. "This seems to continually happen, and each time it further erodes trust in the entire system."